Facebook chief Mark Zuckerberg has claimed the social network is ready for GDPR, but failed to give any answers to the most probing questions posed by European MEPs

Facebook will be fully compliant with the EU’s General Data Protection Regulation (GDPR) by the compliance deadline of 25 May 2018, Facebook founder and chief executive Mark Zuckerberg has told members of the European parliament in Brussels.

Download this free guide

3 key web security guidelines from FS-ISAC

We address the ongoing issues regarding web security for businesses relying on an online presence. Download this e-guide and discover how to identify and address overlooked web security vulnerabilities as well as why you should look at the full security development lifecycle to reduce web threats.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The Facebook app has already presented European members with the revised settings required and “a large percentage of the users had already reviewed them”, he said.

The GDPR is aimed at improving privacy rights for consumers, and it was hoped that the regulation will provide protections for Facebook users around the world through provisions in the regulation, such as requiring one of six legal bases for collecting and using personal data.

Any company that fails to comply with the GDPR, which includes obligations to protect personal data and report any breaches, could face fines of up to 4% of its global annual turnover, which in Facebook’s case would be $1.6bn, based on 2017 figures.

However, Zuckerberg did not answer the question about whether Facebook had moved the data of 1.5 billion users out of reach of the law by shifting the responsibility for all users outside the US, Canada and the EU from its international headquarters in Ireland to its main offices in California to a site governed by US law rather European law.

This was one of several key questions that Zuckerberg dodged in the 90-minute session, with most commentators blaming the format of the session in which all the questions were put to him before he was asked to respond.

The format allowed Zuckerberg to “cherry-pick his responses and not respond to each individual point”, said Damian Collins, chair of the UK Parliament’s Digital Culture Media and Sport Committee, told the BBC.

Beyond apologising for Facebook’s role and for Facebook’s tools being “used for harm”, Zuckerberg said very little about the data exploitation scandal involving London-based data-mining firm Cambridge Analytica, in which the profile data of nearly 1.1 million Britons out of a total of 87 million Facebook users was extracted by a quiz app downloaded by just 305,000 people.

However, he did say he expected to find other apps that had misused customer data beyond the 200 already suspended, adding that an internal investigation into thousands of third-party developers to see if there are similar cases to the Cambridge Analytica case would take “many months”.

Other key questions Zuckerberg failed to answer included questions about whether Facebook was a monopoly, how it plans to use data from its WhatsApp division, why Facebook collects and stores data about non-users in so-called “shadow profiles”, users’ ability to opt out of political advertising, and the true scale of data abuse on the platform.

The European commissioner on justice and consumer affairs, Vera Jourová, said she would be closely following the work of national data protection authorities in enforcing the GDPR. “As of Friday, strong new EU data protection rules will be in place,” The Guardianquoted her as saying. “These rules will have teeth and protect Europeans. They come just in time.”

Facebook has rolled out consent-gathering controls and a set of tools worldwide to let users exercise their rights under GDPR, such as downloading and deleting data.

While Facebook has been cooperating with the ICO, information commissioner Elizabeth Denham said in early April that it is too early to say whether the changes the social networking firm is making are sufficient under the law, commenting that this an “important time” for privacy rights.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.